On Tue, Sep 18, 2001 at 03:58:56PM -0700, John Young wrote:
The worm hit Cryptome at 8:43 AM EST and is now sucking at a rate of about 90% of the load. As others have noted, the bulk of the hits appear to be coming from our own ISP, either by design or by spoofing the origin. Our server is on Apache but the worm generates endless errors attempting to find holes in IIS.
This is NOT Code Red but another assinine E-Mail worm that also tries IIS and netbios propagation. Unfortunately, it is being VERY successful at all of the above. More like "Code Red on Steriords". Not just Grannie and her hotmail account with an MS Mail client but it's even propagating to Samba shares and other SMB connections with "guest" accounts.
Pervasive DDoS attacks are reportedly underway at gov sites. We are not seeing an unusual number of that type.
Nothing targeted like that... To paraphrase the movie "Labyrinth"... No... Just a worm... Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!